Operational Risk Management -- Contents -- Preface -- Acknowledgments -- Chapter 1 Definition and Drivers of Operational Risk -- The Definition of Operational Risk -- 2012 London Olympics: A Case Study -- Test One: Do the Seven Basel Operational Risk Categories Work in the Real World? -- Test Two: The Risk Management Tools -- Operational Risk Management and Operational Risk Measurement -- Operational Risk Management -- Operational Risk Measurement -- The Relationship between Operational Risk Management and Other Risk Types -- Drivers of Operational Risk Management -- Key Points -- Review Questions -- Notes -- Chapter 2 The Regulatory Push -- History of the Basel Accords -- Rules of the Accords -- Basel I -- Basel II -- Adoption of Basel II in Europe -- Adoption of Basel II in the United States -- Securities and Exchange Commission Amendments to the Net Capital Rule -- U.S. Regulators' Adoption of New Regulations to Apply Basel II -- Impact of the Financial Crisis -- The Promise of Basel III -- European Response to the Crisis -- U.S. Response to the Crisis -- The Future -- Key Points -- Review Questions -- Notes -- Chapter 3 The Operational Risk Framework -- Overview of the Operational Risk Framework -- The Foundations of the Framework -- Governance -- Culture and Awareness -- Policies and Procedures -- The Four Data Building Blocks -- Loss Data Collection -- Risk and Control Self-Assessment -- Scenario Analysis -- Key Risk Indicators -- Measurement and Modeling -- Reporting -- Risk Appetite -- Key Points -- Review Questions -- Note -- Chapter 4 Operational Risk Governance -- Role of Governance -- First Line of Defense -- Second Line of Defense -- Who Should Own the Operational Risk Function? -- What Should the Operational Risk Function Own? -- Third Line of Defense -- Audit -- Validation and Verification -- Risk Committees -- Key Points.

Review Questions -- Notes -- Chapter 5 Culture and Awareness -- Winning Over the Firm -- Marketing and Communication -- Training -- Planning -- The "Use Test" -- Key Points -- Review Question -- Note -- Chapter 6 Policies and Procedures -- The Role of Policies, Procedures, Guidelines, and Standards -- Best Practices -- Operational Risk Policy -- Sample Operational Risk Policy -- Sample Standards, Procedures, and Guidelines -- Extract from a Loss Data Standards Document -- Extract from a Loss Data Procedures Document -- Extract from a Loss Data Guidelines Document -- Linkage between Documents -- Key Points -- Review Question -- Chapter 7 Internal Loss Data -- Operational Risk Event Data -- Internal Loss Data or Internal Operational Risk Events -- Why Collect Operational Risk Event Data? -- Who Should Collect the Loss Data? -- What Should Be Collected in the Loss Data Program? -- Risk Event Categories -- Internal Fraud -- External Fraud -- Employment Practices and Workplace Safety -- Clients, Products, and Business Practices -- Damage to Physical Assets -- Business Disruption and System Failures -- Execution, Delivery, and Process Management -- Using the Basel Risk Categories -- Minimum Loss Data Standards -- Comprehensive -- Threshold -- Amount -- Date -- Description and Causes -- Criteria for Allocation to Business Line -- Criteria for Allocation to Central Function -- All Impacted Departments -- Boundary Events Identified -- Action Items -- Nonfinancial Impacts -- Where Should Operational Risk Event Data Be Collected? -- When Should Operational Risk Event Data Be Collected? -- How Should Operational Risk Event Data Be Collected? -- Key Points -- Review Questions -- Notes -- Chapter 8 External Loss Data -- External Operational Risk Event Data -- Sources of External Loss Event Data -- Subscription Databases -- Consortium Data.

Comparisons between Subscription and Consortium Databases -- Size of Losses by Risk Category -- Frequency of Losses by Risk Category -- Size of Losses by Business Line -- Number of Events by Business Line -- Challenges of External Data -- Société Générale and the External Event that Shook the Operational Risk World -- Key Points -- Review Question -- Notes -- Chapter 9 Business Environment Internal Control Factors: Key Risk Indicators -- Key Risk Indicators -- Key Performance Indicators -- Key Control Indicators -- Exception Monitoring -- Lagging Indicators -- Leading Indicators -- Selecting KRIs -- Thresholds -- KRI Standards -- KRI Chall enges -- Metrics Examples -- People Metrics -- Compliance Metrics -- Technology and Infrastructure Metrics -- Business Continuity Metrics -- Client Metrics -- Trade Execution and Process Management Metrics -- Financial Statement Metrics -- Key Points -- Review Question -- Note -- Chapter 10 Risk and Control Self-Assessments -- The Role of Assessments -- Control Assessments -- Risk and Control Assessments -- RCSAs -- RCSA Methods -- Questionnaire Approach -- Workshop Approach -- Hybrid RCSA Methods -- RCSA Scoring Methods -- Scoring Control Effectiveness -- Risk Impact Scores -- Probability or Frequency -- Risk Severity -- RCSA Best Practices -- Interview Participants Beforehand -- Review Available Background Data from Other Functions -- Review Past RCSAs and Related RCSAs -- Review Internal Loss Data -- Review of External Events -- Carefully Select and Train Participants -- Document Results -- Score Appropriately -- Identify Mitigating Actions -- Implement Appropriate Technology -- Ensure Completeness Using Taxonomies -- Themes Identified -- Leverage Existing Assessments -- Schedule Appropriately -- Backtest or Validate Results -- Key Points -- Review Question -- Notes -- Chapter 11 Scenario Analysis.

Role of Scenario Analysis -- Scenario Analysis Approaches -- (a) A Clearly Defined and Repeatable Process -- (b) Background Preparation -- (c) Qualified and Experienced Facilitators with Consistency in the Facilitation Process -- (d) The Appropriate Representatives -- (e) A Structured Process for the Selection of Data -- (f) High-Quality Documentation Which Provides Clear Reasoning and Evidence Supporting the Scenario Output -- (g) Independent Challenge and Oversight -- (h) A Process That Is Responsive to Changes -- (i) Mechanisms for Mitigating Biases -- Scenario Analysis Output -- Key Points -- Review Questions -- Notes -- Chapter 12 Capital Modeling -- Operational Risk Capital -- Basic Indicator Approach -- StandardIzed Approach -- Alternative Standardized Approach -- Future of the Basic and Standardized Approaches -- Advanced Measurement Approach -- Loss Distribution Approach to Modeling Operational Risk Capital -- Scenario Analysis Approach to Modeling Operational Risk Capital -- Hybrid Approach to Modeling Operational Risk Capital -- Insurance -- Disclosure -- Future of Capital Requirements -- Key Points -- Review Question -- Notes -- Chapter 13 Reporting -- Role of Reporting -- Loss Data Reporting -- Impact of Gains on Internal Event Reporting -- Trends in Internal Losses -- Internal Losses by Risk Category -- Timeliness -- External Loss Data Reporting -- Risk and Control Self-Assessment Reporting -- Key Risk Indicator Reporting -- Scenario Analysis Reporting -- Capital Reporting -- Action Tracking Reporting -- Risk Analysis of Table 13.4 -- A Consolidated View -- Dashboards -- Key Points -- Review Question -- Chapter 14 Risk Appetite -- The Role of Risk Appetite -- Regulatory Expectations -- Range of Practice in Risk Appetite and Tolerance Methods -- Risk Appetite Pressure Post 2008 -- Implementing a Risk Appetite Framework.

Background and Approach -- The Risk Appetite Framework as a Strategic Decision-Making Tool -- Appetite Governance: The Board, "C-Suite," and Business Lines -- Promoting a Firmwide Risk Appetite Framework -- Monitoring the Firm's Risk Profile within the Risk Appetite Framework -- Monitoring Operational Risk Appetite -- Risk Capacity -- Operational Risk Appetite -- Operational Risk Tolerance -- Operational Risk Limits/Indicators -- Risk Appetite Today -- Key Points -- Review Question -- Notes -- Chapter 15 Reputational Risk and Operational Risk -- What Is Reputational Risk? -- Reputational Impact -- Hurricane Sandy -- The LIBOR Scandal -- Stock Price Impacts -- Regulatory Oversight of Reputational Risks -- Reputational Risk Management Framework -- Drivers -- Governance -- Event Data Collection -- RCSA -- Key Risk Indicators -- Scenario Analysis -- Reporting -- Key Points -- Review Question -- Notes -- Chapter 16 Operational Risk and Convergence -- Operational Risk as a Catalyst for Convergence -- Governance, Risk, and Compliance (GRC) -- Assessment Convergence -- Convergence of Metrics -- Converged or GRC Reporting -- GRC Tools -- Key Points -- Review Question -- Note -- Chapter 17 Best Practices in Related Risk Management Activities -- New-Product Approval -- Supplier and Third-Party Risk -- Legal Risk Management -- Legal Considerations in the Operational Risk Framework -- Capturing Legal Risks Using the Operational Risk Framework -- Regulatory Risk Management -- People Risk Management -- Fraud Risk Management -- Technology Risk Management -- Weather Risk -- Pandemic Planning -- Strategic Risk -- Key Points -- Review Question -- Notes -- Chapter 18 Case Studies -- JPMorgan Whale: Risky or Frisky? -- Review Questions -- Notes -- Appendix Answers to Review Questions -- About the Author -- About the Website -- Index.